Chief Information Security Officer - Project PEAK

Job Summary

The Chief Information Security Officer is responsible for ensuring the overall security and resilience of the Project’s information assets. As second line of defence, the CISO is accountable for developing the security and cyber-security policies and standards, aligned with the SCB Group standards and policies. As such, the CISO maintains security and cyber-security awareness by implementing proper training programs. They will also be in charge of controlling the implementation plans, the setup of the controls against threats, data breaches, and their effectiveness to comply with the Risk Appetite defined by the relevant committees

Key Responsibilities

Within the Project's remit;

• Develop and implement an information security strategy and program.
• Work closely with the Project Management team, and provide relevant guidance and support as when required
• Identify, assess, and prioritize security risks, and implement appropriate risk mitigation measures.
• Ensure compliance with relevant laws, regulations, and industry standards.
• Own the development and implementation of security policies, procedures, and standards.
• Manage incident response and recovery processes to minimize impact on business operations.
• Collaborate with other departments to integrate security into business processes and projects.
• Conduct regular security assessments, audits, and penetration testing.
• Stay current with emerging security threats and industry trends, and adjust strategies as necessary.
• Communicate security risks and strategies to executive management and the board of directors.

Skills and Experience

• Strong knowledge of information security frameworks, standards, and best practices (e.g., ISO 27001, NIST, CIS).
• Experience with regulatory compliance requirements (e.g., GDPR, HIPAA, PCI-DSS).
• Excellent leadership, communication, and interpersonal skills.
• Ability to manage multiple projects and priorities in a fast-paced environment.

Qualifications

• Bachelor's degree in Information Security, Computer Science, or a related field (Master's degree preferred).
• Proven experience (10+ years) in information security management, with at least 5 years in a leadership role.
• Relevant certifications such as CISSP, CISM, or CISA are highly desirable